package com.cn.tous.resource.controller;


import com.alibaba.nacos.api.model.v2.Result;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author mengwei
 * @description UserController
 * @createDate 2025/7/26 16:34
 */
@RestController
@RequestMapping("/user")
public class UserController {
    @GetMapping("/info")
    public Result<Authentication> getUserInfo(Authentication authentication) {
        return Result.success(authentication);
    }

    @GetMapping("/profile")
    public Result<?> getProfile(Authentication authentication) {
        return Result.success("用户资料: " + authentication.getName());
    }

    // 方法级别的权限控制
    @GetMapping("/orders")
    @PreAuthorize("hasRole('USER')")
    public Result<?> getUserOrders() {
        return Result.success("用户订单列表");
    }
}
